Associating Virtual Machines on a Server Computer with Particular Users on an Exclusive Basis

ABSTRACT

A first computer of a plurality of computers in a server computer system may be associated with a first user on an exclusive basis. An administrator of the server computer system may utilize an administrative user interface in order to specify the association. Associating the first computer with the first user on the exclusive basis may prevent users other than the first user from using the first computer. In response to receiving a request from the first user to connect to the server computer system, the system may operate to determine that the first computer is associated with the first user on the exclusive basis and may assign the first computer to the first user. Once the first computer has been assigned to the first user, the first user can begin using the first computer. In some embodiments the first computer may be a physical computer. In other embodiments the first computer may be a virtual machine.

PRIORITY CLAIM

The present application claims priority to U.S. provisional patentapplication Ser. No. 60/889,994 titled, “Virtualization Methods for aBlade Computing System,” which was filed on Feb. 15, 2007, whoseinventor was Syed Mohammad Amir Husain.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates generally to a server computer system thatprovides centralized computing resources to a plurality of users. Moreparticularly, the invention relates a system and method for associatingvirtual machines on a server computer with particular users on anexclusive basis.

2. Description of the Related Art

Many commercial businesses and enterprises make extensive use ofpersonal computers (PCs) in their daily operations. Typically, each userof a PC in the enterprise has a networked PC at his/her desk or workarea. As the number of networked computer systems utilized in anenterprise increases, the management of resources in the network maybecome increasingly complex and expensive. Some of the manageabilityissues involved in maintaining a large number of networked computersystems may include ease of installation and deployment, the topologyand physical logistics of the network, asset management, scalability(the cost and effort involved in increasing the number of units),troubleshooting network or unit problems, support costs, softwaretracking and management, as well as the simple issue of physical space,be it floor space or room on the desktop, as well as security issuesregarding physical assets, information protection, software control, andcomputer virus issues.

Many of these issues may be addressed by centralizing the locations ofcomputing resources. For example, each individual user may connectthrough a network to a server computer system and use computingresources provided by the server computer system.

Some server computer systems are capable of leveraging the physicalhardware resources available through virtualization. Virtualizationprovides the ability for multiple virtual machines to run together onthe same physical server computer. For example, each virtual machine mayexecute its own operating system and may appear to a user of the virtualmachine to be the same as an independent physical computer. The softwarelayer that executes on the physical server computer and manages thevarious virtual machines is called a hypervisor or virtual machine hostsoftware. The hypervisor can run on bare hardware (called a Type 1 ornative VM) or under control of an operating system (called a Type 2 orhosted VM).

SUMMARY

Various embodiments of a system and method for associating a computer ina server computer system with a user are disclosed. According to oneembodiment of the method, a first computer of a plurality of computersin the server computer system may be associated with a first user on anexclusive basis. An administrator of the server computer system mayutilize an administrative user interface in order to specify theassociation. Associating the first computer with the first user on theexclusive basis may prevent users other than the first user from usingthe first computer. In response to receiving a request from the firstuser to connect to the server computer system, the system may operate todetermine that the first computer is associated with the first user onthe exclusive basis and may assign the first computer to the first user.Once the first computer has been assigned to the first user, the firstuser can begin using the first computer.

In some embodiments the first computer may be a physical computer. Inother embodiments the first computer may be a first virtual machine. Inresponse to receiving a first request from the first user to connect tothe server computer, the method may operate to determine that the firstvirtual machine is associated with the first user on the exclusive basisand may assign the first user to the first virtual machine. Once thefirst user has been assigned to the first virtual machine, the firstuser can begin using the first virtual machine. For example, the usermay execute software programs on the first virtual machine, access datastored on the first virtual machine, etc. When the user is finishedusing the first virtual machine, the user may request to disconnect fromthe server computer. In response to the user's request to disconnect,the first user may be de-assigned from the first virtual machine, e.g.,where the de-assigning indicates that the first virtual machine is nolonger in use by the first user.

However, in some embodiments the first virtual machine may not beremoved from the server computer after the first user has beende-assigned from the first virtual machine. Instead, the server computermay continue to maintain the first virtual machine so that it isavailable for future connections by the first user. Other users whoconnect to the server computer may be prevented from using the firstvirtual machine.

In some embodiments, the first virtual machine may be maintained so thatwhen the first user subsequently connects to it again, the first virtualmachine is in the same state as it was when the first user previouslydisconnected. In some embodiments, when the first user is de-assignedfrom the first virtual machine, the first virtual machine may remain inan active state of execution on the server computer. For example,although the first virtual machine may be in an idle state, the firstvirtual machine may still be actively executed by the virtual machinehost software. In other embodiments, when the first user is de-assignedfrom the first virtual machine, the first virtual machine may behibernated so that it is no longer in an active state of execution.

BRIEF DESCRIPTION OF THE DRAWINGS

A better understanding of the present invention can be obtained when thefollowing detailed description of the embodiment is considered inconjunction with the following drawings, in which:

FIG. 1 illustrates computer systems including peripheral devices coupledto computer blades in a cage, according to one embodiment;

FIG. 2 illustrates a computer blade, according to one embodiment;

FIG. 3 illustrates a computer blade having a power supply, hard drive,and motherboard, according to one embodiment;

FIG. 4 illustrates an example of a blade computing system according toone embodiment;

FIGS. 4B and 4C illustrate examples of a server computer systemincluding a plurality of server computers;

FIG. 5 is a flowchart diagram illustrating one embodiment of a methodfor maintaining a pool of free virtual machines on a server computer;

FIG. 5B illustrates various examples of algorithms for maintaining thenumber of free virtual machines in the pool over time;

FIG. 6A is a flowchart diagram illustrating one embodiment of a methodfor associating a virtual machine with a user on an exclusive basis;

FIG. 6B is a flowchart diagram illustrating one embodiment of a methodfor assigning a particular virtual machine to a particular user afterthe virtual machine has been exclusively associated with the user;

FIG. 6C is an example illustrating a plurality of virtual machines on aparticular server computer in the server computer system;

FIG. 7A is a flowchart diagram illustrating one embodiment of a methodfor transferring a virtual machine across server computers;

FIG. 7B is a flowchart diagram illustrating one embodiment of a methodfor moving execution of a virtual machine from a first server computerthat implements one type of virtualization platform to a second servercomputer that implements a different type of virtualization platform;

FIG. 7C illustrates an example of a system which may implement themethod of FIG. 7B, according to one embodiment;

FIG. 7D illustrates an example of snapshot information used in themethod of FIG. 7B;

FIG. 8 is a flowchart diagram illustrating one embodiment of a methodfor automatically hibernating an inactive virtual machine;

FIG. 9 illustrates an example of transferring a virtual machine from aserver computer to a client computer and back again;

FIG. 10 is a flowchart diagram illustrating one embodiment of a methodfor dynamically transferring local execution of a virtual machine from aclient computer to remote execution on a server computer; and

FIG. 11 is a flowchart diagram illustrating one embodiment of a methodfor dynamically transferring remote execution of a virtual machine on aserver computer to local execution on a client computer.

While the invention is susceptible to various modifications andalternative forms, specific embodiments thereof are shown by way ofexample in the drawings and are herein described in detail. It should beunderstood, however, that the drawings and detailed description theretoare not intended to limit the invention to the particular formdisclosed, but on the contrary, the intention is to cover allmodifications, equivalents and alternatives falling within the spiritand scope of the present invention as defined by the appended claims.

INCORPORATION BY REFERENCE

The following provisional patent application is hereby incorporated byreference:

U.S. provisional patent application Ser. No. 60/889,994 titled,“Virtualization Methods for a Blade Computing System,” which was filedon Feb. 15, 2007, whose inventor was Syed Mohammad Amir Husain.

DETAILED DESCRIPTION OF EMBODIMENTS

Various embodiments of a distributed computer system and associatedmethods are described herein. A plurality of users located at differentphysical locations may connect through a network to a server computersystem including one or more server computers. In some embodiments, uponconnecting to the server computer system, each user may be assigned to avirtual machine executing on a server computer in the system. Variousmethods for assigning users to virtual machines and managing the virtualmachines executing on the various server computers are described herein.

FIGS. 1-4—Blade Computer Systems

In some embodiments the server computer system may include a bladeserver computer system, also referred to herein as a blade computersystem. In a blade server computer system, multiple physical servercomputers, e.g., PC's, may be installed into a central frame or cabinet(e.g., physical chassis). Different sets of human interface hardware(e.g., keyboard, display device, mouse, etc.) for interacting with theserver computers may be located at remote locations from the centralcabinet. In one approach, each physical server computer in the systemmay be a “computer on a card”, also referred to as a computer blade or“blade”. For example, each server computer may be included on a circuitcard that may include standard computing system components such as aCPU, memory, power supply, and network interface, as well as anextender, e.g., a USB or PCI extender, for communicating with the remotehuman interface. A server computer system in which a plurality of humaninterfaces are coupled via a network to a plurality of centralizedcomputer blades is referred to herein as a blade server computingsystem.

FIGS. 1-4 illustrate components that may be used in various embodimentsof a blade computing system. As FIG. 1 indicates, in one embodiment, theblade computing system may include a plurality of human interfaces 20coupled to a cage or chassis 113 that includes a plurality of computerblades 105, where each computer blade 105 acts as a server computer.Each human interface 20 may include at least one peripheral device(e.g., keyboard 117, mouse 119, monitor 121, etc.) that enables a userto provide user input to and/or receive output from a respectivecomputer blade 105, or a respective virtual machine executing on acomputer blade 105. Each computer blade 105 may include variouscomponents necessary for computer operations, such as, but not limitedto, a processor and a storage medium.

As FIG. 1 shows, connecting cables 151 may connect computer blades 105to respective human interfaces 20, also referred to as peripheral devicegroups, through respective device ports or hubs 157 (e.g., C-Ports orI-Ports). In one embodiment, each device port may comprise an extenderdevice that may enable transmission of user interface signals (i.e.,peripheral device signals) over distances generally not allowed bystandard protocols such as USB.

In one embodiment, the human interfaces 20 or peripheral device groups,such as the human interface 20A, may include a keyboard 117, a pointingdevice, e.g., a mouse 119, a display device, e.g., a computer monitor121, and/or other peripheral devices for human interface. A computerblade 105, such as computer blade 105A, may communicate with theperipheral devices coupled to the computer blade 105 by sending andreceiving encoded human interface signals transmitted over therespective connecting cable 151. In one embodiment, a cage 113, e.g., ametal cabinet or chassis, may have a plurality of slots 111. Thecomputer blades 105A, 105B, and 105C may be inserted into the slots111A, 111B, and 111C, respectively. The cage 113 may also include cageconnectors (not shown) to couple the computer blades 105 to theirrespective connecting cables 151.

The computer blades 105 may be installed in the cage 113 at a centrallocation, while each human interface 20 (e.g., each peripheral devicegroup) may be located remotely from the cage 113, such as at respectivework areas of the users of the computer blades 105. The separation ofthe human interfaces 20 from the computer blades 105 may allow easiersoftware installation across a network, such as but not limited todownloading CD-ROMs, and may provide a central location of multipleserver computers which may simplify both hardware and softwaremaintenance.

Each computer blade 105 may also be coupled to a network 115 through anon-board network logic (not shown). The network 115 may be a Local AreaNetwork (LAN) or a Wide Area Network (WAN), such as the Internet,although other networks, e.g, wireless, cellular, etc., are alsocontemplated. As mentioned above, in one embodiment, the computer blades105 may be inserted into respective slots 111 of the cage 113, andcoupled to respective peripheral device groups through the cageconnectors (not shown) and connecting cables 151. In one embodiment,each computer blade 105 may also be coupled to the network 115 throughthe cage connectors (not shown) and a network cable, such as Ethernetcables 163.

While the embodiment of FIG. 1 illustrates a blade computing system, itis noted that in other embodiments the server computer system describedherein may include other types and forms of computers. In other words,the server computer system embodiment shown in FIG. 1 is intended to bean example only, and is not intended to limit the types or number ofserver computers used in the server computer system. For furtherinformation regarding the use of multiple computer blades in a system,please see U.S. patent application Ser. No. 09/728,667 titled “ComputerOn A Card With A Remote Human Interface”.

FIG. 2—Computer Blade

Referring to FIG. 2, an embodiment of a computer blade 105 is shown. Inone embodiment, the computer blade 105 may include various componentsfor computer operations, such as, but not limited to, a motherboard 207,a power supply 210, and a hard drive 208, as shown. In one embodiment,the motherboard 207, the power supply 210, and the hard drive 208 may becoupled to or mounted on a slide drawer frame 205. In one embodiment,the slide drawer frame 205 may be three rack units high (orapproximately 5.25 inches), thus occupying a much smaller space thanstandard PC units, although other slide drawer frame 205 dimensions mayalso be used.

The motherboard 207 may be a printed circuit board with components suchas, but not limited to, a central processing unit (CPU), memory, and LANinterface. Other types of motherboards and other types of motherboardcomponents are also contemplated. The computer blade 105 may include oneor more storage devices that implement non-volatile storage, such as ahard drive 208, optical drive, and/or flash memory. The computer blade105 may communicate with external systems, e.g., peripheral devices andnetworks, through an edge connector 209. In one embodiment, the edgeconnector 209 may transmit signals such as, but not limited to, networksignals, input/output (I/O) signals, video signals, audio signals, anduniversal serial bus (USB) signals. For example, the edge connector maycommunicate network signals to a network and encoded human interfacesignals to a group of peripheral devices.

In one embodiment, the computer blade 105 may further include powersupply 210 mounted on the slide drawer frame 205 with an internal powersource or coupled to an external power source (not shown) to providepower to the computer blade 105. The power supply 210 may convert localmain power to an appropriate voltage for the computer blade 105. Becausethe computer blade 105 has an individual power supply 210, if the powersupply 210 fails, the computer blade 105 may be the only computer bladethat fails. In one embodiment, a single power supply located in the cage113 may supply power to several computer blades 105. However, a singlepower supply for the cage 113 may be a single point of failure for thecage 113. If the single power supply fails, multiple computer blades 105may also fail, requiring multiple replacement blades. In a system with asingle power supply for a cage 113, the computer blades 105 may requireone or more stand-by replacement blades connected to another powersource. If the power supply for the cage 113 fails, information from thecomputer blades 105 may be copied onto the replacement computer bladesfrom other computer blades in the system to which information from thecomputer blades 105 had been previously copied.

As FIG. 2 also illustrates that, in one embodiment, cage 113 may have aplurality of slots, such as slot 111, to house the computer blade 105.The computer blade 105 may be inserted into one of the slots 111 of thecage 113. The cage 113 may include a cage connector (not shown) tocouple to the edge connector 209 on the computer blade 105. The cageconnector may also include an external second connector (not shown) thatis electrically coupled to the computer blade 105 when the computerblade 105 is inserted into the slot 107. The external second connectormay be further coupled to the connecting cables 151 (shown in FIG. 1)for communication of the encoded human interface signals to a group ofperipheral devices at a remote location. The use of the cage connectorsas an intermediate connection between computer blade 105 and theconnecting cable 151 may allow the removal and exchange of computerblade 105 without the need to disconnect the connecting cable 151 fromthe cage 113. If the computer blade 105 fails, the computer blade 105may be removed and a new computer blade inserted. As noted above, in oneembodiment, when a computer blade 105 fails, the user's human interface,e.g., one or more peripheral devices, may be switched to a replacementcomputer blade 105 (possibly in a manner that is transparent to theuser), after which the failed computer blade 105 may be removed andreplaced.

FIG. 3—Computer Blade Components

Referring to FIG. 3, an embodiment of a computer blade 105 having apower supply 210, hard drive 208, and motherboard 207 is shown. Thecomputer blade 105 may include elements that make up a standard PC, suchas, but not limited to, a motherboard 207 with various components suchas but not limited to a processor, e.g., a CPU 306, memory 304, andinterface logic 302, which may include network logic 305, I/O logic 307,and interface logic 303, as well as other interface circuitry associatedwith a motherboard 207, configured on a single card. The network logic305 may include a LAN or WAN connection, such as but not limited to anIEEE 803.2 (10/100 BaseT) Ethernet, and circuitry for connecting toperipheral devices coupled to the computer blade 105. The computer blade105 may be electrically coupled to the cage 113 (shown in FIG. 2)through the edge connector 209 that may face to the rear of the computerblade 105. In one embodiment, the computer blade 105 may slide into aslot 107 (shown in FIG. 2) of the cage 113 (shown in FIG. 2), makingcontact with the cage connector (not shown).

In one embodiment, the computer blade 105 may further include a networkinterface logic 305 included on a printed circuit board for interfacingto a network. The network logic 305 may encode network signals into aformat suitable for transmission to the network. The network logic 305may also receive encoded network signals from the network, and decodethe encoded network signals. In one embodiment, the motherboard 207 mayfurther include logic supporting PCI slot-based feature cards.

In one embodiment, the components on the computer blade 105 may bearranged from front to back for thermal efficiency. The interface logic302 may be located at the rear of the computer blade 105, while thepower supply 210 and hard disk 208 may be located at the front of thecomputer blade 105. In one embodiment, the computer blade 105 may havedifferent slide drawer frame shapes, such as but not limited to square,rectangle, cubic, and three-dimensional rectangular forms. In oneembodiment, the computer blade 105 may have components mounted on eitherside of the computer blade 105. The computer blade 105 may also havecomponents mounted on both sides of the computer blade 105. If the slidedrawer frame 205 has a three-dimensional shape, the components may bemounted on an inside surface and outside surface of the slide drawerframe 205.

FIG. 4—Example Blade Computing System

FIG. 4 illustrates an example of a blade computing system according toone embodiment. The system includes a plurality of end user consoles 80.Each end user console 80 may include a human interface 20, also referredto as a peripheral device group. Human end users utilize the end userconsoles 80 to interact with software programs executing on computerblades 105. The end user consoles 80 may be geographically dispersed,while the computer blades 105 are located in a central location in acage 113.

In some embodiments, there may be a one-to-one correspondence betweenthe end user consoles 80 and the computer blades 105. For example, eachcomputer blade 105 may correspond to one end user console 80. Forexample, a first user may utilize the end user console 80A to interactwith software programs executing on a computer blade 105A, a second usermay utilize the end user console 80B to interact with software programsexecuting on a computer blade 105B, etc.

In other embodiments, a computer blade 105 may correspond to or hostmultiple end user consoles 80. For example, as described below, in someembodiments each computer blade 105 may execute virtual machine hostsoftware that enables a plurality of virtual machines to execute on thecomputer blade 105. Each virtual machine may correspond to one of theend user consoles 80. As an example, a computer blade 105A mayinstantiate two virtual machines, where one of the virtual machinescorresponds to an end user console 80A and the other virtual machinecorresponds to an end user console 80B. In various embodiments, eachcomputer blade 105 may execute any number of virtual machines and thusmay correspond to or host any number of end user consoles 80.

In some embodiments the end user consoles 80 may communicate with thecomputer blades 105 through a wide area network, such as the Internet.The number of users connected to the computer blades 105 at any giventime may vary. For example, in some embodiments, when a user needs touse a virtual machine he may establish a remote communication session inorder to communicate with a virtual machine executing on one of thecomputer blades 105. When the user is finished using the virtual machinethe remote communication session may end. Thus, at any given time,various numbers of users may have respective remote communicationsessions open in order to use respective virtual machines implemented onthe computer blades 105.

In various embodiments, the end user consoles 80 may communicate withthe computer blades 105 using any kind of devices and communicationsoftware. As one example, an end user console 80A may communicate with adedicated computer blade 105A through a NeoLinux I/Port client. Asanother example, an end user console 80B may communicate with a VMWarevirtual machine executing on a computer blade 105B through an XPe I/Portclient. As another example, end user consoles 80C and 80D maycommunicate through a web-browser interface via network hardware 40 withcomputer blades 105C and 105D.

In the embodiment illustrated in FIG. 4, the system includes a primaryapplication server 50. The primary application server 50 is anapplication server that acts as an interface between the administratorconsole 70, the database server 45, the end user consoles 80, and thecomputer blades 105. The primary application server 50 executes systemmanagement software 10 that enables the interaction among thesecomponents. The primary application server 50 may also supportfault-tolerant failover to a secondary failover application server 52.The primary application server 50 may maintain security for the systemand interact with the each of the nodes in the system, including thedatabase server 45 that stores characteristics, information, and logsrelated to the system.

In some embodiments, only one primary application server is used in thesystem. When a primary and secondary application server are configured,failover is provided from the primary to the secondary. Everytransaction that is managed by the primary application server 50 mayinclude a final synchronization step to ensure that the secondaryapplication server 52 is always in lock step. Thus, the secondaryapplication server 52 may be act as a mirror image of the primaryapplication server 50. The secondary application server 52 may receiveone-way updates from the devices configured to communicate with bothprimary and secondary application servers. In the event of a failurewith the primary application server 50, the secondary application server52 may take over communications and become the primary applicationserver 50 with no loss of configuration information.

The database server 45 may host a management database that includesinformation about the system. For example, the database may includeinformation about computer blades 105 or other devices in the system,virtual machines executing on the computer blades 105, users that havebeen discovered on the network, etc. The database may store variouskinds of information about the system environment, including inventoryinformation, logs, mapping information, device health and statusinformation (e.g., resource usage and performance statistics), securityinformation, and management information. In some embodiments thedatabase may be implemented as a relational database, e.g., usingsoftware such as Microsoft SQL Server or MySQL Server.

Each computer blade 105 may execute software that enables the computerblade to interact with the primary application server 50 and hostsoftware applications with which end users interact. For example, insome embodiments each computer blade 105 may execute blade clientsoftware 12. In some embodiments, if a computer blade 105 executesvirtual machines then each virtual machine executing on the computerblade 105 may execute the blade client software 12. In some embodimentsthe blade client software 12 may be executed by both the host computerblade and by each virtual machine executing on the computer blade 105.For example, for a host computer blade 105 with 4 virtual machines, 5copies of the blade client software 12 may be executed—one for the hostcomputer blade 105 and one on each virtual machine instantiation. Inother embodiments the blade client software 12 may be executed by eachvirtual machine on a host computer blade 105 but may not be executed bythe host computer blade 105 itself.

If a computer blade 105 hosts one or more virtual machines then thecomputer blade 105 may also execute virtual machine host software thatimplements and manages the virtual machines. In various embodiments thecomputer blade 105 may execute any kind of virtual machine hostsoftware. Examples include Microsoft Virtual Server and VMware Server(or other virtualization platforms from VMWare, Inc.).

In some embodiments, the peripheral devices at each end user console 80may connect to the primary application server 50 via a device port 157.The port 157 may enable the transmission of device signals between theperipheral devices and the primary application server 50. For example,in one embodiment a port 157 may include an I-Port that allowsthin-client communication by encoding the device signals using anIP-based protocol. In another embodiment a port 157 may include a C-Portthat encodes the device signals using a protocol that enableshigh-performance graphics transmission.

In some embodiments, port software 14 may be installed on each deviceport 157 in the system. For example, where a device port 157 includes anI-Port, I-Port client software may be installed on the I-Port. Invarious embodiments, any of various I-Ports may be supported, such as18800 running Windows XPe, 18820 running Windows XPe, Eon e100 runningWindows XPe, 18020 running NeoLinux, Eon e100 running NeoLinux, CapioOne running NeoLinux, etc.

The system also includes one or more administrator consoles 70. Theadministrator console 70 provides an administrative graphical userinterface through which an administrator may manage the system, e.g., byinteracting with the system management software 10 executing on theprimary application server 50. In various embodiments the system mayinclude any number of administrator consoles 70.

The administrative graphical user interface may enable the administratorto manage the system and monitor resources in the system. For example,the administrative graphical user interface may enable the administratorto perform tasks such as: delivering software and driver updates toI/Port thin clients at the end user consoles 80; monitoring the healthand status of end user consoles, computer blades 105, primaryapplication server 50, database server 45, or other devices in thesystem; monitoring resource usage on the computer blades 105; managingvirtual machines executing on the computer blades 105; assigning virtualmachines to users; etc. The graphical user interface may provide theadministrator an at-a-glance network-wide snapshot of key resourceelements.

The administrative graphical user interface may also provide theadministrator with control over the provisioning of computer blades 105and their allocation to end user consoles 80. For example, in someapplications, limiting a user to a single computer blade 105 or virtualmachine has the potential to create imbalanced resource utilization.This is because while the same blade or virtual machine may have morethan enough capability for a light workload at a particular time, it mayprovide too little computing or memory capacity for more demanding tasksat other times.

The system may also automate a number of help desk and service tasksthat require physical intervention with traditional legacy PCs. Forinstance, if a virtual machine or blade goes down because of hardware orsoftware failures, the system's sparing functionality may automaticallyallocate a new virtual machine or blade to the end user, or may enablean administrator to quickly assign a new virtual machine or blade to theend user. Similarly, if the administrator wishes to perform maintenanceon a virtual machine or blade and needs to switch a user currentlylogged into that blade to another resource, he can do so easily usingthe system's switching-over-IP functionality.

It is noted that in some embodiments the server computer system mayinclude multiple blade computing systems. For example, the servercomputer system may include multiple cages 113, where each cage includesa plurality of computer blades 105. In one embodiment, each of the cages113 may be located physically close to each other, e.g., in the sameroom or at the same data center. In another embodiment, different cages113 may be located separately from each other. As one example, differentcages 113 may be located in different buildings of a large organization.As another example, different cages 113 may be located in differentcities or even different countries.

FIG. 4B—Server Computer System Including Multiple Standalone ServerComputers

In various embodiments the server computer system to which users connectmay include any type and number of server computers. For example, insome embodiments the server computer system may not be implemented usinga blade computing system, but may instead include a plurality ofstandalone server computers, e.g., traditional PCs. For example, FIG. 4Billustrates an example in which the server computer system includes aplurality of server computers 106. The server computers 106 may becoupled to each other and may also be coupled to a network 115. Eachserver computer 106 may execute virtual machine host software whichimplements a plurality of virtual machines executing on the servercomputer 106.

It is also noted that in various embodiments users may utilize any typeof client hardware to connect to the server computer system. Forexample, in the embodiment illustrated in FIG. 4B, each user may utilizea respective client computer system 82. Each client computer system 82may be any type of computer system, such as a PC or handheld computingdevice. A user of a respective client computer system 82 may interactwith client software in order to connect to the server computer systemthrough the network 115. In response to the user connecting to theserver computer system, the user may be assigned to one of the virtualmachines executing on one of the server computers 106.

In various embodiments, the network 115 may include any type of networkor combination of networks. For example, the network 115 may include anytype or combination of local area network (LAN), a wide area network(WAN), wireless networks, an Intranet, the Internet, etc. Exemplarylocal area networks include Ethernet networks, Fiber Distributed DataInterface (FDDI) networks, and token ring networks. Also, the servercomputers 106 and client computers 82 may each be coupled to the network115 using any type of wired or wireless connection medium. For example,wired mediums may include Ethernet, fiber channel, a modem connected toplain old telephone service (POTS), etc. Wireless connection mediums mayinclude a wireless connection using a wireless communication protocolsuch as IEEE 802.11 (wireless Ethernet), a modem link through a cellularservice, a satellite link, etc.

It is also noted that in some embodiments the server computer system mayinclude multiple groups or clusters of server computers. For example,FIG. 4C illustrates an example in which three clusters of servercomputers 82 are located in three respective data centers 17. Servercomputers 82 in different data centers 17 may communicate with eachother through a network. In some embodiments the server computers 82 indifferent data centers 17 may communicate through a Wide Area Network(WAN). For example, in some embodiments the server computers 82 indifferent data centers 17 may communicate through the Internet. Forexample, each data center 17 may be located in a different geographicallocation, e.g., a different city, country, or continent. In someembodiments, management software may execute in the server computersystem to allow an administrator to manage resources on all the servercomputers 82 in the various data centers 17 from a centraladministrative user interface.

As another example, in some embodiments the server computer system mayinclude multiple blade computing systems. For example, the servercomputer system may include a first chassis including a first pluralityof blades 105 and a second chassis including a second plurality ofblades 105. In some embodiments, different blade computing systems maybe located at different data centers 17, e.g., different geographicallocations. It is also noted that in some embodiments the system mayinclude a combination of different types of server computers. Forexample, some server computers may be implemented as computing blades105 installed in a blade computing system, and other server computersmay be implemented as standalone computers 82.

For the remainder of this disclosure, the term “server computer” mayrefer to any type of server computer in the server computer system,e.g., a computing blade 105 such as illustrated in FIGS. 1-4 or astandalone server computer 82 or PC such as illustrated in FIG. 4B.

Maintaining a Pool of Free Virtual Machines

In some embodiments, each respective server computer (e.g., blade 105 orserver computer 82) in the server computer system may be configured toexecute virtual machine host software that enables the respective servercomputer to instantiate and execute a plurality of virtual machines.Executing a plurality of virtual machines on a respective servercomputer may enable multiple users to connect to the respective servercomputer, e.g., where each user interacts with software applicationsexecuted by a respective virtual machine on the respective servercomputer.

When a user connects to the server computer system, the user may bedirected to a one of the server computers (e.g., blades 105 or servercomputers 82) in the server computer system and may be assigned avirtual machine executing on the server computer. Assigning the virtualmachine to the user may comprise enabling the user (or a client deviceused by the user) to communicate with and use the virtual machine. Theuser may interact through the network with the virtual machine, e.g., byproviding input to the virtual machine and receiving output from thevirtual machine, similarly as if interacting with a physical computer.For example the communication between the user's client device and theserver computer that executes the virtual machine may be performed usingany of various remote communication protocols or virtualizationprotocols, such as VNC, RDP, ICA, TDX, PCoIP, etc.

When the user is directed to a given server computer, if a free virtualmachine (that is, a virtual machine not already assigned to and in useby another user) is not currently executing on the server computer thenit may be necessary to first create or instantiate a new virtualmachine. Creating a new virtual machine may cause the user to experiencea delay because of the overhead involved in creating and starting thenew virtual machine. Thus, the user's experience may be improved if afree virtual machine which can be assigned to the user is alreadyexecuting on the server computer in order to avoid the need to start anew one.

However, each virtual machine in an active state of execution on theserver computer may utilize the server computer's resources, such asmemory and CPU cycles. Thus, it may be wasteful to have many freevirtual machines unnecessarily executing on the server computer whenthey are not in use.

In some embodiments, the management software for the server computersystem may enable an administrator to configure the various servercomputers in the system to maintain respective pools of free virtualmachines. For example, for a particular server computer in the system,the administrator may provide user input specifying a pool size of N,which indicates that N free virtual machines should be maintained on theparticular server computer, as indicated in block 401 of FIG. 5. Inresponse, the server computer may create and add N free virtual machinesto the pool, as indicated in block 403, e.g., where N is a numbergreater than or equal to 1. Each of the free virtual machines in thepool may be available to be assigned to a user when needed in responseto a user request to connect to the server computer. Thus, while eachvirtual machine in the pool may not currently be in use, it may be in anactive state of execution (e.g., not hibernated to disk) so that it canreadily be assigned to a user when necessary.

As indicated in block 405, the number of free virtual machines in thepool may be maintained at the pool size N as users connect anddisconnect from the server computer. For example, suppose that theserver computer receives a first request to assign a virtual machine toa first user. In response to the first request, the server computer mayassign a first virtual machine from the pool to the first user. The usermay then use the first virtual machine. For example, a remotecommunication session may be established between the server computer anda client computer system which the user is using. The client computersystem may provide input to the first virtual machine that is running onthe server computer and receive output from the first virtual machinethrough the remote communication session, e.g., using a remotecommunication protocol or virtualization protocol, such as RDP, VNC,ICA, TDX, PCoIP, etc.

Assigning the first virtual machine to the first user means that thefirst virtual machine is no longer free, since it is now being used bythe user. Thus, the first virtual machine is removed from the pool inresponse to assigning it to the user.

In order to maintain the number of free virtual machines in the pool atthe specified pool size N, the server computer may also add a new freevirtual machine to the pool to replace the first virtual machine. Insome embodiments, adding the new free virtual machine to the pool maycomprise creating the new free virtual machine and adding the new freevirtual machine to the pool. For example, the new free virtual machinemay not exist at all, or may only exist in the form of a virtual machineimage file which has not been instantiated into an active virtualmachine. In other embodiments, the new free virtual machine may alreadyexist but may be in a state of hibernation (e.g., execution of thevirtual machine may be suspended and its state information may be storedon disk). Thus, the new free virtual machine may be removed fromhibernation and returned to an active state of execution and then addedto the pool. In this manner, the server computer may maintain a pool offree virtual machines available to be assigned to users.

In other embodiments the number of free virtual machines in the pool maynot always be equal to the specified pool size of N, but may vary overtime depending on factors such as the pool size and the number of userscurrently connected to the server computer. For example, in someembodiments the server computer may be configured with a maximum numberof concurrent users, e.g., the maximum number of users that can beconnected to the server computer (assigned to virtual machines on theserver computer). In some embodiments, when a free virtual machine fromthe pool is assigned to a user, the server computer may compute adecision on whether to add a new virtual machine to the pool to replacethe one that was assigned to the user based on the maximum number ofconcurrent users, the number of users currently assigned to virtualmachines on the first server computer, and/or the pool size N.

In various embodiments, any of various algorithms may be used todetermine the number of free virtual machines that should be in the poolat any given time, e.g., where the algorithm may be based on variousparameters or conditions. FIG. 5B illustrates several examples of howthe number of free virtual machines in the pool may vary over time. Inthese examples, it is assumed that a maximum number of 4 users can beassigned to virtual machines executing on the server computer, and theserver computer has been configured with a pool size of N. (In variousembodiments a server computer may be configured to allow any maximumnumber of concurrent users.)

In the example of Table 1, at time T1 there are no active users, andthere are 2 free virtual machines in the pool. At time T2, a user hasconnected to the server computer. One of the free virtual machines inthe pool was assigned to the user, and a new free virtual machine wasadded to the pool to maintain its number at 2. At time T3, a second userhas connected to the server computer. Again, one of the free virtualmachines in the pool was assigned to the second user, and a new freevirtual machine was added to the pool to maintain its number at 2. Inthis example, the server computer may be configured to maintain thenumber of free virtual machines in the pool to be the minimum of: a) thepool size; and b) the maximum number of concurrent users (i.e., 4) minusthe number of currently active users. Thus, at time T4, after a thirduser has connected to the server computer and been assigned to one ofthe free virtual machines in the pool, the virtual machine assigned tothe third user is not replaced with a new one, so that there is now onlyone virtual machine in the pool. Similarly, at time T5, the maximumnumber of 4 users has been reached, and there are now no free virtualmachines in the pool.

Table 2 illustrates another example of an algorithm for maintaining thepool. In this example, the algorithm behaves similarly to the onedescribed above with reference to Table 1 except that a minimum of atleast one free virtual machine is kept in the pool at all times. Thus,even though the maximum number of 4 active users has been reached attime T5, there is still one free virtual machine in the pool. In variousembodiments, the minimum number may be set to values other than 1.

Various embodiments of the algorithm may use different methods to reducethe number of free virtual machines in the pool as the number ofcurrently active users nears the maximum number of concurrent users. Forexample, in Table 3 the algorithm behaves similarly as in Table 2,except that at time T4 when there are 3 active users, there is only onefree virtual machine in the pool.

Table 4 illustrates another example where the number of free virtualmachines in the pool is maintained at the pool size of 2 regardless ofhow many users are currently connected to the server computer.

When a user disconnects from the server computer, the virtual machinethat the user was previously using is now free. In some embodiments,this virtual machine may be added to the pool unconditionally inresponse to the user disconnecting. In other embodiments, the virtualmachine may only be added to the pool if it would not result in thenumber of virtual machines in the pool becoming greater than the poolsize N. In other embodiments, for example, the algorithm may allow thevirtual machine to be added to the pool even if it would cause thenumber of virtual machines in the pool to become greater than the poolsize N, unless the difference is more than a threshold maximum.

In some embodiments, if the server computer determines that the virtualmachine from which the user disconnected should not be added to the poolthen the virtual machine may be hibernated, e.g., by saving its stateinformation to disk and suspending its execution. In other embodimentsthe virtual machine may be removed from the server computer altogether,e.g., may be completely de-allocated or un-instantiated from the servercomputer.

In one embodiment the server computer may be configured with a maximumnumber M of users that can connect to the server computer at one time.In some embodiments the server computer may ensure that the currentnumber of users connected X plus the pool size N is not greater than themaximum number of users M. For example, suppose that the maximum numberof users is 5 and the pool size is 2. If there are currently 3 or fewerusers connected then the server computer may maintain a pool of 2 freevirtual machines. However, if 3 users are connected and then a 4th userconnects then the 4th user may be assigned to one of the free virtualmachines in the pool, but the server computer may not create a newvirtual machine to be added to the pool to replace the one that wasassigned to the 4th user, since only one additional user can connect tothe server computer and there is already one free virtual machine leftin the pool.

As a further illustration of the pooling technique described above,consider an example in which a server computer is configured to have amaximum of 6 users. It would be possible to have no free virtualmachines running on the server computer and instead to instantiate newvirtual machines on demand, e.g., in response to users connecting to theserver computer. However, this would require users to wait for a virtualmachine to be started up before their connection is successful.

It would also be possible to have 6 virtual machines actively executingon the server computer at all times. For example, when no users areconnected, all 6 of the virtual machines would be free; when 1 user isconnected, one of the virtual machines would be assigned to the user andthe other 5 would be free; etc. However, this may not be an efficientuse of resources because each virtual machine uses some of the computerblade's computing resources (e.g., CPU power, memory, network bandwidth,etc.) even if the virtual machine is free.

Instead, a pool of free virtual machines may be maintained at a certainsize, e.g., as described above. For example, suppose that the pool sizeis set to 1 via a Pool Size configuration value specified by anadministrator. In this example, the number of virtual machines runningat any given time on the server computer may equal the number ofcurrently connected users plus 1 (except when the maximum number ofusers are connected). When a new user connects to the server computer,one of the virtual machines in the pool may be assigned to the user.Since the virtual machine was already instantiated and in an activeexecution state before the user connected, the user may be able toquickly connect to the server computer. The size of the free virtualmachine pool may be maintained by instantiating a new virtual machineand adding it to the pool. When a user disconnects from the servercomputer, the number of free virtual machines (including the one thatwas just un-assigned from the user who disconnected) on the servercomputer may be examined. If the number of free virtual machines isgreater than the Pool Size configuration value, the appropriate numberof virtual machines may be hibernated to disk so that the number of freevirtual machines once more equals the Pool Size configuration value.

As discussed above, the server computer system may include multipleserver computers. An administrator of the server computer system may beable to utilize management software to set different pool sizes fordifferent server computers. For example, an administrative graphicaluser interface of the management software may enable the administratorto set the pool size for each server computer as desired. In response tothe user input from the administrator, the management software maycommunicate with each server computer to inform them of their respectivepool sizes.

In some embodiments, the graphical user interface of the managementsoftware may allow the administrator to set a global Pool Sizeconfiguration value for all the server computers in the system. Forexample, the administrator may specify a system-wide pool size of 4 forall server computers. In other embodiments, different pool sizes may beset for different server computers. In one embodiment, the servercomputers may be grouped into two or more groups. For each group, theadministrator may be able to specify a respective group pool size forall the server computers in a particular group. If a global pool sizewas set and a group pool size is also set then the group pool size mayoverride the global pool size. In some embodiments the administrator mayalso be able to set pool sizes for individual server computers. If aglobal pool size or group pool size is set then the individual pool sizespecified for a particular server computer may override these global andgroup settings.

Dedicated Virtual Machines

In some embodiments, virtual machines may be used by multiple users. Forexample, suppose that a user A connects to a particular server computerof the server computer system, and a particular virtual machine isassigned to the user A. Once the user A is done, he may disconnect fromthe particular server computer. The particular virtual machine may thenbecome available for use by other users. For example, if a user Bsubsequently connects to the particular server computer, the samevirtual machine that user A was previously using may be assigned to theuser B.

In other embodiments, it may be desirable to associate a particularvirtual machine with a particular user on an exclusive basis, e.g., sothat only the particular user can use the particular virtual machine.FIG. 6A is a flowchart diagram illustrating one embodiment of a methodfor associating a virtual machine with a user on an exclusive basis.

In block 431, a first virtual machine may be created on a particularserver computer. For example, virtual machine hosting software executingon the particular server computer may create the first virtual machine.

In 433, an administrative user interface of management software formanaging the server computer system may be displayed. The administrativeuser interface may enable an administrator to configure operation of thevarious server computers in the server computer system. In particular,the administrative user interface may enable the administrator toassociate particular virtual machines with particular users on anexclusive basis. For example, the user interface may enable theadministrator to select a particular server computer and view a list ofvirtual machines that have been created on the particular servercomputer. The user interface may also enable the administrator to selecta first virtual machine from the list of virtual machines, select afirst user from a plurality of users defined in the system, and requestthat the first virtual machine be associated with the first user on anexclusive basis.

As indicated in 435, in response to the administrator's user input tothe user interface, the system may store information indicating that thefirst virtual machine is exclusively associated with the first user,e.g., indicating that users other than the first user cannot use thefirst virtual machine.

FIG. 6B is a flowchart diagram illustrating one embodiment of a methodfor assigning the first virtual machine to the first user after thefirst virtual machine has been exclusively associated with the firstuser. As indicated in block 441, a first request from the first user toconnect to the server computer system may be received. The system maydetermine that the first virtual machine is associated with the firstuser on the exclusive basis (e.g., by accessing the information storedin block 435) and assign the first virtual machine to the first user inresponse to the first request, as indicated in blocks 443 and 445.Assigning the first virtual machine to the first user enables the firstuser to communicate with and use the first virtual machine, e.g.,through a remote communication session with the first user's clientdevice.

In some embodiments, the first user's request to connect may be sentdirectly from the first user's client device to the server computer onwhich the first virtual machine is defined. In other embodiments, therequest may be first sent to another server computer in the servercomputer system and then relayed to the server computer on which thefirst virtual machine is defined. For example, the server computersystem may include a login server which is configured to receiveconnection requests and direct the requests to the appropriate servercomputers in the system. For example, the login server may access thestored information indicating that the first virtual machine isexclusively associated with the first user, and in response may directthe user's connection request to the server computer on which the firstvirtual machine executes.

Once the first virtual machine has been assigned to the first user, thefirst user can begin using the first virtual machine. For example, theuser may execute software programs on the first virtual machine, accessdata stored on the first virtual machine, etc. Communication between theuser's client device and the server computer on which the first virtualmachine executes may be performed using any of various remotecommunication protocols or virtualization protocols, such as VNC, RDP,ICA, TDX, PCoIP, etc. When the user is finished using the first virtualmachine, the user may request to disconnect from the server computersystem, as indicated in block 447. In response to the user's request todisconnect, the first virtual machine may be de-assigned from the firstuser, e.g., where the de-assigning indicates that the first virtualmachine is no longer in use by the first user. (It is noted that thefirst virtual machine remains exclusively associated with the first usereven after the first virtual machine is de-assigned from the firstuser.)

However, in some embodiments the first virtual machine may not beremoved from the server computer after the first virtual machine hasbeen de-assigned from the first user. Instead, the server computer maycontinue to maintain the first virtual machine so that it is availablefor future connections by the first user. In some embodiments the servercomputer may maintain the first virtual machine in an active state ofexecution. In other embodiments, execution of the first virtual machinemay be suspended, and the first virtual machine may be hibernated todisk.

Other users who connect to the server computer may be prevented fromusing the first virtual machine. For example, as noted above, when thefirst virtual machine is associated with the first user on the exclusivebasis, the server computer system may store information indicating thatonly the first user can use the first virtual machine. Thus, if anotheruser connects to the server computer, the other user may be assigned avirtual machine other than the first virtual machine that is exclusivelyassociated with the first user.

In some embodiments, the first virtual machine may be maintained so thatwhen the first user subsequently connects to it again, the first virtualmachine is in the same state as it was when the first user previouslydisconnected. In some embodiments, when the first virtual machine isde-assigned from the first user, the first virtual machine may remain inan active state of execution on the server computer. For example,although the first virtual machine may be in an idle state, the firstvirtual machine may still be actively executed by the virtual machinehost software. In other embodiments, when the first user is de-assignedfrom the first virtual machine, the first virtual machine may behibernated so that it is no longer in an active state of execution.

FIG. 6C is an example illustrating a plurality of virtual machines (VMs)60 on a particular server computer in the server computer system. TheVMs 60 that are shown are those that are currently unassigned, i.e.,currently not in use by any user. The VMs 60A, 60B, and 60C are in anactive state of execution, and the VMs 60D and 60E are in a state ofhibernation. In this example, the VM 60A has been associated with a UserA on an exclusive basis, and the VM 60D has been associated with a UserB on an exclusive basis. Thus, users other than the User A are preventedfrom using the VM 60A, and users other than the User B are preventedfrom using the VM 60B. The other VMs 60 are shared virtual machines thathave not been exclusively assigned to any user and may be used by anyuser in the system.

In this example, the User A may have previously connected to and usedthe VM 60A. Although the User A subsequently disconnected from the VM60A, the VM 60A remains in an active state of execution in this example.Thus, if the User A subsequently re-connects to the server computersystem then the VM 60A may again be assigned to the User A, and the UserA may not need to wait for it to be loaded since it is already in astate of active execution.

Suppose now that the server computer system receives a connect requestfrom the User B. The system may access stored information to determinethat the VM 60B is exclusively associated with the User B and may assignthe VM 60B to the User B. However, since the VM 60B is in a state ofhibernation, in some embodiments the User B may need to wait while theVM 60B is returned to a state of active execution. In other embodimentsthe system may receive user input from the User B indicating that it ispermissible to assign a virtual machine other than the VM 60B to theUser B. For example, in some embodiments a login screen may be displayedon the User B's client device when the User B logs in, where the loginscreen allows the User B to select an option specifying that if the UserB's exclusive VM 60B is not currently loaded then it is acceptable toassign a different VM 60 to the User B. In other embodiments, afterdetermining that the VM 60B is currently hibernated, the system mayprompt the User B to specify whether he wants to wait while the VM 60Bis loaded or wants another active VM 60 to be immediately assigned tohim.

If the User B chooses to be assigned to a different VM 60 then thesystem may select one of the shared virtual machines that are currentlyunassigned and in an active state of execution, and assign the User B tothe selected VM 60, e.g., either the VM 60B or 60C in this example.

It is possible that in some situations the virtual machine exclusivelyassigned to a particular user may not be currently loaded when the userattempts to connect to the system, and no other shared virtual machinesmay be available on the particular server computer which hosts theuser's exclusive virtual machine. For example, the particular servercomputer may have already reached a maximum number of concurrent usersallowed. In this situation the system may be operable to transfer theuser's exclusive virtual machine to a different server computer in theserver computer system, e.g., using techniques such as described below.

Consider an embodiment in which a particular server computer maintains apool of free virtual machines of a particular pool size N, as describedabove. In some embodiments, when a user with an exclusive virtualmachine disconnects from the server computer, the user's exclusivevirtual machine may be hibernated to disk so that the number of freevirtual machines does not exceed the configured pool size. Thus, if theuser reconnects, the user may need to wait until the first virtualmachine is retrieved from disk.

In other embodiments, an exclusive virtual machine (i.e., a virtualmachine that is associated with a user on an exclusive basis) may not becounted in the total of free virtual machines in the pool. In otherembodiments, an exclusive virtual machine may be counted in the total offree virtual machines in the pool, but the server computer may beconfigured to replace a non-exclusive (shared) virtual machine in thepool of free virtual machines with the exclusive virtual machine inresponse to a user of the exclusive virtual machine disconnecting fromthe server computer. In either of these embodiments, the exclusivevirtual machine may be ready when the user re-connects so that the userdoes not have to wait for the exclusive virtual machine to be ready.

As noted above, the system may provide the user with a choice, e.g., viaa graphical user interface, to either wait for his exclusive virtualmachine to be loaded or to be assigned a shared virtual machine.However, the system preferably would not assign a user who has anexclusive virtual machine to a shared virtual machine without firstreceiving the user's approval.

In some embodiments, the system may support different classes of users,e.g., Exclusive users and Non-Exclusive users. Each user in theExclusive class may be assigned a virtual machine on an exclusive basiswhen the user first connects to the system, whereas Non-Exclusive usersare assigned to shared virtual machines on a non-exclusive basis.

Associating virtual machines with users on an exclusive basis may allowcomplete user-based isolation of applications and data stored on avirtual machine. Each user can be an exclusive owner of his virtualmachine so that the user's virtual machine is never re-used by otherusers. In various embodiments, associating a virtual machine with a useron an exclusive basis may also ensure conditions such as:

-   -   A particular application license is only used by a particular        user    -   Data stored on a particular virtual machine is in no way        accessible to anyone else    -   Personalization and Internet cache data as well as other privacy        items are not accessible to any user other than the exclusively        assigned user    -   Any temporary files or other scratch space can in no way be        accessed and reverse engineered for data theft    -   Operating system features such as System Restore operate within        the context of a single user (not multiple users making changes        to the system in a way that makes System Restore unviable).

Physical Computer Assigned to User

As discussed above, in some embodiments of the server computer system,various server computers in the system may each execute one or morevirtual machines. When a user connects to the server computer system,the user may be assigned one of the virtual machines for his use.

In other embodiments, instead of being assigned a virtual machine, theuser may be assigned one of the physical server computers. For example,a given server computer in the system may not implement a virtualizationplatform that allows multiple users to use the server computer'sresources. Instead, the entire physical server computer may be dedicatedto a single user.

In some embodiments the physical server computers may be shared amongdifferent users. For example, one user may connect to the system and maybe assigned a particular physical server computer. After finished usingthe physical server computer, this user may disconnect from the system.Another user may then connect to the system can be assigned the samephysical server computer.

In other embodiments a physical server computer may be assigned to asingle user on an exclusive basis, similarly as described above withrespect to a virtual machine being assigned to a single user on anexclusive basis.

The server computer system may implement a connection broker which isoperable to assign computers to users as they connect to the system. Insome embodiments the connection broker may be operable to assign bothvirtual machines and physical computers to users. For example, theconnection broker may use various criteria in order to decide whether toassign a user a virtual machine or a physical computer, and to decidewhich virtual machine or which physical computer to assign to the user.For example, the connection broker may base the decision on factors suchas the currently available resources of the computers in the system andthe geographic location of the user with respect to the computers.

The connection broker may also select a virtual machine or a physicalcomputer to assign to a particular user in response to configurationinformation previously specified by an administrator. For example, anadministrator of the server computer system may use an administrativeuser interface to specify an association of a particular virtual machineor a particular physical computer with a particular user. Informationspecifying the association may be stored in a database accessible by theconnection broker. When the user attempts to log on to the system, theconnection broker may access the information stored in the database inorder to automatically determine which virtual machine or physicalcomputer should be assigned to the user. Thus, the user may not need toinform the server computer system of the virtual machine or physicalcomputer that is associated with the user, but instead, the system mayautomatically determine this based on the association information storedin the database. Thus, when the user logs on to the system, the user maynot need to provide input specifying a particular virtual machine orphysical computer to be assigned to the user.

Transferring Virtual Machines Across Server Computers

In some embodiments it may be desirable to transfer or move a virtualmachine from one server computer in the server computer system toanother server computer in the server computer system. For example,where the server computer system includes a blade computing system, itmay be desirable to transfer a virtual machine executing on onecomputing blade 105 to another computing blade 105. As another example,where the server computer system includes a plurality of standaloneserver computers or PCs 82 connected via a network, it may be desirableto transfer a virtual machine executing on one server computer 82 toanother server computer 82.

FIG. 7A is a flowchart diagram illustrating one embodiment of a methodfor transferring a virtual machine from one server computer to another.

In 501, a first virtual machine on a first server computer in the servercomputer system may be selected for transfer. In some embodiments thefirst virtual machine may currently be executing on the first servercomputer. In this case, the first virtual machine may be hibernated inresponse to being selected for transfer, as shown in block 502.Hibernating the first virtual machine may comprise pausing or suspendingexecution of the first virtual machine and storing state informationrepresenting the current state of the first virtual machine (e.g., stateinformation representing the state of the first virtual machine as itexists the moment before it is paused or suspended). For example, thestate information may be stored as one or more files on non-volatilestorage, such as a disk drive of the first server computer, or othernon-volatile storage in the server computer system.

The goal of hibernating the first virtual machine is to pause or suspendthe execution of the first virtual machine without completely shuttingdown the first virtual machine. Thus, hibernating the first virtualmachine may not include completely shutting down the first virtualmachine. For example, when the first virtual machine is hibernated, ashutdown procedure that would typically be performed in order tocompletely shut down the first virtual machine may not be performed.Instead, the execution of the first virtual machine may be paused orsuspended so that the first virtual machine is no longer in an activestate of execution (e.g., no longer being actively executed within thevirtualization environment), and the state information representing thecurrent state of the first virtual machine may be stored.

When execution of a virtual machine is initiated, the virtual machine istypically instantiated from a virtual machine image file. For example,the virtualization environment that hosts the virtual machine may readthe virtual machine image file from a disk drive and create informationin RAM which represents the virtual machine in an active state ofexecution. The virtual machine image file may be constructed accordingto a particular virtual machine image format supported by a particularvirtualization environment or particular virtual machine host software.In some embodiments, hibernating the first virtual machine may includecreating a virtual machine image file representing the first virtualmachine in its current state, or updating a virtual machine image filefrom which the first virtual machine was previously instantiated so thatthe virtual machine image file represents the current state of the firstvirtual machine as it exists at the time the first virtual machine ishibernated. In other embodiments, hibernating the first virtual machinemay include storing state information representing the current state ofthe first virtual machine separately from the virtual machine image filefrom which the first virtual machine was previously instantiated.

In other embodiments, at the time the first virtual machine is selectedfor transfer in block 501, the first virtual machine may already behibernated. In this case, the disk drive of the first server computermay already store state information representing the first virtualmachine in its suspended state, and it may not be necessary to performblock 502.

In 503, a second server computer to which to transfer the first virtualmachine may be selected. For example, in one embodiment the first servercomputer may be a first computer blade 105 installed in a chassis 113,and the second server computer may be a second computer blade 105installed in the chassis 113. In another embodiment the second servercomputer may be a second computer blade 105 installed in a differentchassis 113 from the first computer blade 105.

In another embodiment the first server computer may be a firststandalone server computer or PC 82, and the second server computer maybe a second standalone server computer or PC 82. In another embodimentthe first server computer may be a first standalone server computer orPC 82, and the second server computer may be a computer blade 105installed in a chassis 113, or vice versa.

As indicated in block 505, in some embodiments the hibernatedinformation representing the first virtual machine may be transmittedfrom the first server computer to the second server computer. Forexample, transmitting the hibernated information may includetransmitting a virtual machine image file representing the first virtualmachine in its current state and/or transmitting other state informationrepresenting the first virtual machine.

In some embodiments, the hibernated information may initially be storedon a local disk drive or other storage device of the first servercomputer, and the hibernated information may be transmitted for storageon a local disk drive or storage device of the second server computer.In some embodiments the file system in which the hibernated informationis stored on the first server computer may be accessible by the secondserver computer. For example, in some embodiments the first servercomputer and the second server computer may both be included in a localarea network (LAN) such that both server computers have access to acommon file system. As another example, the second server computer maybe connected through a virtual private network (VPN) to the first servercomputer or to a LAN that includes the first server computer or thatincludes a storage device on which files for the first server computerare stored. Thus, in some embodiments the one or more files representingthe hibernated information may be copied to the second server computerthrough a file system copy operation or a VPN copy operation.

In other embodiments the file system of the first server computer maynot be accessible by the second server computer. For example, the secondserver computer may not be included in the LAN of the first servercomputer and may not be connected to the LAN through a VPN. Thus, thesecond server computer may not have file system access to the one ormore files representing the hibernated information of the first virtualmachine. In this case, the first server computer and the second servercomputer may communicate through a network in order to transfer thehibernated information representing the first virtual machine to thesecond server computer.

In some embodiments the second server computer may be connected to thefirst server computer through a wide area network (WAN) connection,and/or the second server computer may be separated from the first servercomputer by one or more firewalls. In this case, the first servercomputer and the second server computer may communicate using acommunication protocol that enables the hibernated information to betransferred from the first server computer to the second server computerthrough the WAN connection and/or through the one or more firewalls. Forexample, in some embodiments the first server computer and the secondserver computer may communicate using a common communication protocol,such as HTTP, HTTPS, or FTP to transmit the hibernated information ofthe first virtual machine to the second server computer.

In other embodiments, when the first virtual machine is hibernated inblock 502, the hibernated information representing the first virtualmachine may be stored on a storage device accessible by both the firstserver computer and the second server computer, such as a networkattached storage (NAS) or storage area network (SAN). In this case, itmay not be necessary to perform block 505, since the second servercomputer can access the hibernated information from the NAS or SAN.

As indicated in block 507, after the hibernated information representingthe first virtual machine has been transmitted to the second servercomputer, the second server computer may begin executing the firstvirtual machine, e.g., under control of a virtualization environment orvirtual host software. For example, the first virtual machine may beinstantiated on the second server computer using the virtual machineimage file and/or the other state information representing the firstvirtual machine transmitted in block 505. As noted above, the hibernatedinformation includes state information representing the state of thefirst virtual machine as it existed on the first server computer themoment before it was hibernated. Thus, the state information may be usedto set the first virtual machine on the second server computer into anidentical state as it existed on the first server computer or tore-create an execution state of the first virtual machine on the secondserver computer such that the execution state is identical to how it wason the first server computer.

Since the first virtual machine was not completely shut down on thefirst server computer when it was hibernated, it may not be necessary toperform a complete startup procedure for the first virtual machine onthe second server computer. Instead, the first virtual machine maysimply be removed from its state of hibernation and returned to anactive state of execution under control of the virtualizationenvironment on the second server computer. This may enable execution ofthe first virtual machine on the second server computer to begin quicklyand may enable the preservation of the state of the first virtualmachine.

In some embodiments, the method described above may be performed inresponse to receiving a request to move execution of the first virtualmachine from the first server computer to the second server computer.For example, the first virtual machine may be in an active state ofexecution on the first server computer, and a user at a remote clientcomputer may have a first remote communication session open to the firstvirtual machine on the first server computer. In one embodiment, anadministrator of the server computer system may utilize anadministrative user interface in order to request that execution of thefirst virtual machine be transferred to the second server computer. Inresponse, the first virtual machine may be transferred to the secondserver computer, and the second server computer may resume execution ofthe first virtual machine, as described above.

In this example, the first remote communication session between the userat a remote client computer and the first server computer may beautomatically replaced with a second remote communication sessionbetween the remote client computer and the second server computer. Oncethe second server computer has begun executing the first virtual machineand the second remote communication session has been established, theuser may interact with the first virtual machine just as the user wasdoing previously, except that now the communication with the firstvirtual machine occurs between the user's client computer and the secondserver computer instead of between the user's client computer and thefirst server computer. In some embodiments, the first virtual machinemay appear to the user to be exactly the same as before it wastransferred to the second server computer, and the user may not notice adifference in the first virtual machine regardless of which servercomputer executes the first virtual machine.

In some embodiments the transfer of the first virtual machine may betransparent to or unnoticed by the user of the remote client computer.For example, in some embodiments the user may not be aware of thetransfer. In other embodiments the user may notice a delay as thetransfer takes place, or the server computer system may communicate withthe client software on the remote client computer to cause the clientsoftware to display information informing the user that the transfer istaking place and to expect a delay as it occurs.

In other embodiments, the user himself may initiate the transfer of thefirst virtual machine from the first server computer to the secondserver computer. For example, in some embodiments the client software onthe remote client computer may include a feature that enables the userto request that the first virtual machine which he is using betransferred to a different server computer. For example, if the user isexperiencing an unusual delay in the communication with the firstvirtual machine and believes that the delay may be caused by networklatency between the client computer and the first server computer, or ifthe user believes that the delay may be caused by the first servercomputer being overloaded, then the user may request that his firstvirtual machine be transferred to a different server computer. Inresponse, the server computer system may transfer the first virtualmachine to the second server computer, as described above.

Alternatively, in another embodiment, the user may use a feature of theclient software in order to inform an administrator of the servercomputer system that the user is experiencing poor performance. Inresponse to receiving the notification, the administrator may use anadministrative user interface provided by management software for theserver computer system in order to view server computers present in thesystem and to select a different server computer to which the firstvirtual machine should be transferred. For example, the administrativeuser interface may display information indicating resource usage andperformance statistics of the various server computers in the system,and the administrator may select the second server computer to which tomove the first virtual machine based on its resource usage, e.g., mayselect a server computer that appears to have ample free memory,available processor power, available network bandwidth, or other freeresources which may improve the user's experience.

In another embodiment, the administrative user interface may displayinformation indicating network locations or geographic locations of thevarious server computers in the server computer system, and theadministrator may select the second server computer to which to move thefirst virtual machine based on its location. For example, theadministrator may select a second server computer which isgeographically closer to the user's client computer than the firstserver computer.

Alternatively, in some embodiments, the server computer system may beconfigured to automatically keep track of resource usage and performancestatistics of the various server computers in the system and mayautomatically move various virtual machines between server computers inorder to load balance the system. In other embodiments the servercomputer system may be configured to automatically keep track of networklatency experienced by the user, and may automatically move the user'svirtual machine to a different server computer if the system detectsthat the user is experiencing an unusually slow network latency. Inother embodiments the server computer system may automatically transferthe user's virtual machine to a different server computer if the systemdetects that the first server computer is overloaded, e.g., if itsmemory, disk space, processor power, network bandwidth, or otherresources are running low. In other embodiments the server computersystem may be configured to automatically determine the geographicalproximity between the user's client computer and the first servercomputer that initially hosts the user's virtual machine, and mayautomatically move the user's virtual machine to the second servercomputer if the system determines that the second server computer iscloser to the user's client computer.

Thus, in some embodiments, the first virtual machine may be activelyexecuting on the first server computer, and the method described abovemay be performed in order move the first virtual machine to the secondserver computer. Once the first virtual machine has been transferred,its execution may be automatically resumed on the second servercomputer.

In other embodiments, the first virtual machine may not be activelyexecuting on the first server computer before being moved to the secondserver computer, but may instead be in a state of hibernation on thefirst server computer. In this case, when the first virtual machine hasbeen transferred to the second server computer, the second servercomputer may not automatically begin executing the first virtualmachine. Instead, the first virtual machine may remain in a state ofhibernation on the second server computer until subsequently beingreturned to active execution in response to a subsequent event, such asa request to re-activate the first virtual machine being received.

Transfer Across Different Virtualization Platforms

As described above, various server computers in the server computersystem may execute virtualization environment software (also referred toherein as a hypervisor, or virtual machine host software, orvirtualization platform). The virtualization environment softwareexecuting on a particular server computer may implement a virtualmachine execution environment so that one or more virtual machines canbe created and executed within the virtual machine execution environmenton the particular server computer.

In various embodiments each server computer in the server computersystem may execute any type of virtualization environment software. Manydifferent implementations of virtualization environments arecommercially available from various software vendor companies. Oneexample of a virtualization environment software platform that may beexecuted by a server computer in the server computer system is MicrosoftVirtual Server by Microsoft Corp. Other examples include ESX Server,Virtual Server, Workstation, and ACE by VMWare, Inc. It is noted thatthese are listed as examples only, and in other embodiments, the servercomputers and the server computer system may execute any of variousother kinds of virtualization environment software platforms provided byor sold by any of various other organizations or software vendors.

In some embodiments, different server computers in the server computersystem may execute different types of virtualization platforms. Forexample, in some embodiments one or more of the server computers mayexecute the VMWare ESX Server virtualization platform, and one or moreother server computers may execute a different VMWare virtualizationplatform, such as Workstation or ACE. As another example, in someembodiments one or more of the server computers may execute the VMWareESX Server virtualization platform, and one or more other servercomputers may execute the Microsoft Virtual Server virtualizationplatform.

Virtual machines for different virtualization platforms may not becompatible with each other. For example, a virtual machine image formatused by one virtualization platform may not be supported by anothervirtualization platform. For example, the VMWare ESX Servervirtualization platform typically cannot execute a virtual machinecreated by the Microsoft Virtual Server virtualization platform, andvice versa.

Thus, in some embodiments, in order to move a virtual machine from afirst server computer to a second server computer that uses a differentvirtualization platform, it may be necessary to use techniques otherthan transferring the virtual machine image file used by the firstserver computer to the second server computer, and the second servercomputer instantiating the virtual machine from the virtual machineimage file. Instead, in these cases, the alternative method illustratedin FIG. 7B may be used in order to move execution of a virtual machinefrom the first server computer to the second server computer.

For example, suppose that a first virtual machine 60A executing within afirst virtualization platform 63A on a first server computer 82A needsto be moved to a second server computer 82B. As indicated in block 517of FIG. 7B, snapshot information 64 for the first virtual machine 60Amay be created. The snapshot information 64 represents the state of thefirst virtual machine 60A. In various embodiments, the snapshotinformation 64 may include any of various types of informationrepresenting the state of the first virtual machine 60A.

For example, FIG. 7D illustrates an example where the snapshotinformation 64 includes application state information 65. At the timethe snapshot information 64 is created, one or more softwareapplications may currently be executing on the first virtual machine60A. The application state information 65 may include informationrepresenting the execution state of each of these software applicationsexecuting on the first virtual machine 60A. For example, suppose that afirst software application is executing on the first virtual machine60A. The application state information 65 may include informationindicating program instructions and data for the first softwareapplication currently stored in the memory of the first virtual machine60A.

As another example, the snapshot information 64 may include memory stateinformation 67. The memory state information 67 may represent thedynamic memory contents of the first virtual machine 60A as the contentsexist at the time the snapshot information 64 is created.

As another example, the snapshot information 64 may include networkstate information 66. The network state information 66 may represent thestates of network connections that are currently open by the firstvirtual machine 60A at the time the snapshot information 64 is created,or other information representing network communication performed by thefirst virtual machine 60A.

As another example, the snapshot information 64 may include userinterface state information 68. The user interface state information 68may include information representing a state of the user interfaceimplemented by the first virtual machine 60A. For example, at the timethe snapshot information 64 is created, a user of a remote clientcomputer may have a remote communication session opened to the firstvirtual machine 60A. Through the remote communication session, the firstvirtual machine 60A may display one or more graphical user interfacewindows on the display of the remote client computer. The user interfacestate information 68 may include information representing the state ofeach graphical user interface window. For example, suppose that a firstgraphical user interface window is currently displayed on the clientcomputer. The user interface state information 68 may includeinformation regarding the first graphical user interface window, such asinformation indicating whether the window is maximized or minimized, thesize of the window, the position of the window on the display, etc.

In some embodiments, execution of the first virtual machine 60A may bepaused just prior to creating the snapshot information 64. This mayenable the entire state of the first virtual machine 60A to be capturedin the snapshot information 64 in a consistent manner, e.g., without thestate of the first virtual machine 60A changing while the snapshotinformation 64 is being created.

As indicated in block 519, the snapshot information may be transmittedfrom the first server computer to the second server computer. In someembodiments, the virtual machine image file for the first virtualmachine 60A may not be transmitted to the second server computer. Forexample, the snapshot information created in block 517 may be stored onthe first server computer 82A separately from the virtual machine imagefile and transmitted separately to the second server computer 82B.However, similar techniques as described above for transmitting thevirtual machine image file in the method of FIG. 7A may be used totransmit the snapshot information to the second server computer 82B. Forexample, in some embodiments the second server computer 82B may beconnected to the first server computer 82A through a wide area network(WAN) connection, e.g., through the Internet. A common communicationprotocol such as HTTP, HTTPS, or FTP may be used to transmit thesnapshot information without requiring the second server computer 82B tobe connected to the first server computer 82A through a LAN or VPN.

After the snapshot information has been transmitted to the second servercomputer 82B, a second virtual machine 60B may be created on the secondserver computer 82B within a second virtualization platform 63B, and thestate of the second virtual machine 60B may be set using the snapshotinformation, as indicated in blocks 521 and 523. As discussed above, thesecond virtualization platform 63B may be a different type than thefirst virtualization platform 63A on the first server computer 82A.Thus, the second virtual machine 60B may not be created from the virtualmachine image file that implements the first virtual machine 60A on thefirst server computer 82A. Instead, the second virtual machine 60B maybe created by the second virtualization platform 63B as a different typeof virtual machine (i.e., a virtual machine supported by the secondvirtualization platform 63B), and then the state of the second virtualmachine 60B may be set so that it appears to the user to be the same asthe first virtual machine 60A. The remote communication session that waspreviously open between the user's client computer and the first servercomputer 82A may be replaced by a new remote communication sessionbetween the user's client computer and the second server computer 82B.

Since the state of the second virtual machine 60B is set using thesnapshot information 64, it may appear to the user that he is stillusing the same virtual machine as before. In some embodiments, the usermay not be aware that his virtual machine was moved to the second servercomputer 82B, and may not be aware that the virtual machine has beenre-created in a different virtualization platform.

For example, as noted above, the snapshot information 64 may includeapplication state information 65 representing the execution state of afirst software application that was executing on the first virtualmachine 60A when the snapshot information 64 was created. Thus, settingthe state of the second virtual machine 60B in block 523 may includeinitiating execution of the first software application on the secondvirtual machine and setting the execution state of the first softwareapplication on the second virtual machine to the state specified by theapplication state information 65. Thus, the user may see the same opensoftware applications on the second virtual machine and may continue tointeract with the open software applications just as he was previouslydoing on the first virtual machine.

As another example, setting the state of the second virtual machine 60Bin block 523 may include storing the memory contents, e.g., programinstructions and data, there were stored in the dynamic memory of thefirst virtual machine 60A in the dynamic memory of the second virtualmachine 60B, using the memory state information 67.

As another example, setting the state of the second virtual machine 60Bin block 523 may include setting the network communication state of thesecond virtual machine 60B using the network state information 66. Forexample, if the first virtual machine 60A had a network connection openwith a particular server computer then a corresponding networkconnection to the particular server computer may be opened on the secondvirtual machine 60B.

As another example, setting the state of the second virtual machine 60Bin block 523 may include setting the user interface state of the secondvirtual machine 60B using the user interface state information 68. Forexample, if a graphical user interface window was open on the userinterface of the first virtual machine 60A then an identicalcorresponding graphical user interface window may be opened on the userinterface of the second virtual machine 60B and positioned in the sameplace on the display.

FIG. 7C illustrates an example of a system which may implement themethod of FIG. 7B according to one embodiment. The first server computer82A executes software implementing a first virtualization platform 63A.The first virtual machine 60A executes within the first virtualizationplatform 63A. In this example, the first virtual machine 60A includes asoftware agent 61. The software agent 61 may be a software program thatexecutes on the first virtual machine 60A to create the snapshotinformation, as discussed above with reference to block 517. Forexample, the software agent 61 may analyze the contents of the firstvirtual machine 60A's memory or other information maintained by thefirst virtual machine 60A in order to create the snapshot informationrepresenting the state of the first virtual machine 60A. In otherembodiments, the software that creates the snapshot information 64 inblock 517 may not execute within the first virtual machine 60A itself.For example, in some embodiments the snapshot information 64 may becreated by the first virtualization platform 63A, or another softwareprogram executing under control of the first virtualization platform63A.

The second server computer 82B executes software implementing a secondvirtualization platform 63B. The second virtual machine 60B executeswithin the second virtualization platform 63B. In this example, thesecond virtual machine 60B includes a software agent 62. The softwareagent 62 may be a software program that executes on the second virtualmachine 60B in order to set the state of the second virtual machine 60Busing the snapshot information 64, as discussed above with reference toblock 523. For example, the software agent 62 may analyze the snapshotinformation 64 and use the snapshot information 64 to set the contentsof the second virtual machine 60B's memory or set other configuration orstate information for the second virtual machine 60B, e.g., in order toconfigure the state of a second virtual machine 60B as described above.

In some embodiments an administrator may actively cause the execution ofthe virtual machine to be moved. For example, in some embodiments themethod of FIG. 7B may be performed in response to user input by theadministrator. The administrator may communicate with managementsoftware through an administrative graphical user interface. Forexample, the graphical user interface may display a list of servercomputers in the server computer system. The administrator may selectthe first server computer from the displayed list. In response, themanagement software may display a list of all virtual machines on thefirst server computer. The administrator may select the first virtualmachine from the displayed list. Similarly, the administrator may alsointeract with the administrative graphical user interface to select thesecond server computer to which the transfer the first virtual machine(or the second server computer on which a virtual machine correspondingto the first virtual machine should be created).

In other embodiments execution of the first virtual machine mayautomatically be transferred from the first server computer to thesecond server computer, e.g., may be transferred without anadministrator requesting the transfer. For example, the systemmanagement software 10 may cause virtual machines to be automaticallytransferred across server computers in order to increase the efficiencyof resource utilization of server computers in the server computersystem.

Consider an example in which an organization has a system that includesa first server computer at a location in California and a second servercomputer at a location in Japan. An employee E may be based at thelocation in California but may travel to Japan. The employee E may loginto a thin client end user console 80 at the Japan location, and thesystem may assign a virtual machine to him. The system may storeinformation indicating that he is normally based in California and mayassign a virtual machine hosted by the server computer at the Californialocation to him. As another example, an exclusive virtual machine may beassigned to him, where the exclusive virtual machine is hosted by theserver computer at the California location.

However, since the employee E is currently located in Japan, it may bemore efficient if the virtual machine assigned to him were hosted by theserver computer at the Japan location. With the transfer capabilitydescribed above, an administrator or an automated algorithm may allowthe virtual machine assigned to the user to be moved from the Californialocation to the Japan location.

In other embodiments, additional variables may be considered, such asensuring that the virtual machine is close to a database server, if theuser needs to execute a database intensive application. Thus, in variousembodiments, virtual machines may be moved across server computers inthe system for any of various reasons, such as security, speed,efficiency or cost (e.g. minimizing expensive bandwidth) reasons.

Auto-Hibernation of Inactive Virtual Machines

In some embodiments, an end user may stop using the system but may notdisconnect or log out from the system. If the user's virtual machinecontinues to execute, this may cause CPU power, memory, or othercomputing resources to be used unnecessarily. FIG. 8 is a flowchartdiagram illustrating one embodiment of a method for automaticallyhibernating an inactive virtual machine.

As indicated in 551, a first virtual machine may be assigned to a firstuser, e.g., in response to the user logging in to the system.

As indicated in 553, the first user may stop using the first virtualmachine after some period of time but may not disconnect from the firstvirtual machine. For example, the user may forget to log out of thesystem or may be called to another task.

As indicated in 555, the system may detect that the first virtualmachine assigned to the first user is no longer in active use. Forexample, the system may determine that no user input has been receivedfrom peripheral devices at the first user's console for a thresholdperiod of time or may use other techniques to determine that the firstvirtual machine is not actively being used. In various embodiments, anyof various algorithms or heuristics may be used to determine whether thefirst virtual machine is in active use. The threshold time period orother factors used to determine inactivity may be configured in responseto user input by an administrator.

As indicated in 557, in response to determining that the first virtualmachine is not in active use, the system may cause the first virtualmachine to be automatically hibernated. Hibernating the first virtualmachine may free computing resources used by the first virtual machineso that they are available for use by active virtual machines.

In some embodiments, each user may be assigned a configuration variablethat specifies whether the user is allowed to run disconnected virtualmachines. A numeric value associated with the configuration variable mayspecify the number of simultaneous, disconnected virtual machines theuser is allowed to run. For example, if a user has a value of 3associated to him, the first 3 virtual machine sessions he creates andthen disconnects will continue to run. If he runs a fourth session anddisconnects then the fourth virtual machine may be automaticallyhibernated after an inactivity period.

Client-Side Execution

As described above, in some embodiments of the system, a user of aclient computer may connect to a server computer on which a virtualmachine is stored. The virtual machine may execute on the servercomputer under control of virtual machine host software (e.g., ahypervisor), and the client computer may provide input to the virtualmachine and display output from the virtual machine using acommunication protocol which enables communication between the clientcomputer and the remote virtual machine.

In other embodiments it may be desirable to execute a virtual machinelocally on a user's client computer. For example, in some embodimentsthe client computer may execute client software that includes ahypervisor or virtual machine host software which enables a virtualmachine to be executed on the client computer.

A virtual machine is typically implemented using a virtual machine animage file. In order to execute the virtual machine, the hypervisor orvirtual machine host software on the client computer needs to access theimage file. However, the virtual machine image file may be stored on theserver computer system such that the client computer system does nothave file-level access to the virtual machine image file. For example,in some embodiments the client computer system may be a remote computersystem that is not part of the server computer system's local network.The client computer system may not be able to join the server computersystem's network in a way that provides the client computer system withdirect access to files stored on the server computer system.

To overcome this problem, in some embodiments of the system, the servercomputer system may provide access to the virtual machine image filethrough standard communication protocols such as HTTP, HTTPS, or FTP inorder to allow the client computer system to retrieve the virtualmachine image file over a network. The use of such a standardcommunication protocol may enable the client computer system to obtainthe virtual image file without joining the server computer system'snetwork through a VPN, and may enable the file transfer to traversefirewalls. Once the virtual machine image file has been obtained, theclient computer system can execute it locally, e.g., under control of ahypervisor or virtual machine host software.

FIG. 9 illustrates an example in which a client computer system 82Aexecutes client software that is capable of performing a communicationprotocol such as HTTP, HTTPS, or FTP. As indicated by the arrow 1, theclient software may communicate with server-side software executing on aserver computer 106A in order to retrieve the virtual machine image filefrom the server computer 106A.

In some embodiments the client software that retrieves the virtualmachine image file may be embedded within a standard web browserprogram, such as Firefox or Internet Explorer. For example, the clientsoftware may be embedded in the web browser as a browser plug-in orActiveX, Flash, AJAX or other dynamic control within the web browser. Inthis embodiment the user may simply enter a URL of the server computersystem in the web browser in order to access a web page. The web pagemay include input fields allowing the user to input authenticationinformation, such as a username and password or other information. Uponsuccessfully authenticating the user, the server computer system mayreturn another web page to the web browser which allows the user toselect a desired virtual machine to be retrieved to the client computer.For example, in some embodiments the user may be presented with a listof available virtual machines that are associated with the user or towhich the user has access. In other embodiments the virtual machine tobe retrieved by the user may be predetermined, e.g., may have beenconfigured by an administrator of the server computer system.

Once the determination of which virtual machine to retrieve has beenmade (either by the user selecting a desired virtual machine or byidentifying a predetermined virtual machine for the user) the image filefor the virtual machine may be streamed from the server computer 106A tothe client computer 82A, e.g., using a standard protocol supported bythe web browser such as HTTP, HTTPS, or FTP. As noted above, theseprotocols typically do not require a VPN tunnel to exist between theclient computer 82A and the server computer 106A.

Once the client computer has received the virtual machine image file, itmay instantiate the virtual machine and begin executing it, e.g., undercontrol of a hypervisor. In some embodiments the hypervisor may beembedded in the web browser which the user uses to access the servercomputer and select the virtual machine image file.

In some embodiments the user of the client computer 82A may havepreviously connected to the server computer system and retrieved a fullcopy of the virtual machine image file. In some embodiments, if theclient computer 82A subsequently reconnects to the server computersystem, the system may utilize file differencing techniques so that onlyportions of the virtual machine image file that have changed since theprevious transfer need to be transmitted to the client computer 82A. Forexample, the client computer 82A may communicate with the servercomputer 106A on which the virtual machine image file is stored in orderto perform an initial transfer of the entire virtual machine image tothe client computer 82A.

The virtual machine may then be executed on the client computer 82A. Ifany changes to the virtual machine are made then it may be desirable toupdate the copy of the virtual machine image file on the server computer106A, as indicated by arrow 2 in FIG. 9. Instead of transferring theentire virtual machine image file back to the server computer 106A, onlythe changed portions of the virtual machine image file may betransmitted. Thus, the file differencing techniques may be employed inboth directions, either when transferring the virtual machine from theserver computer 106A to the client computer 82A or vice versa.

In some embodiments the client software on the client computer 82A mayinclude a feature that enables the user to select whether to execute avirtual machine locally on the client computer 82A or remotely on theserver computer 106A and manages the virtual machine session andexecution. For example, this feature may be exposed to the user as asimple button.

Assume that by default the system administrator has configured thevirtual machine to be downloaded to the client and executed locally.While the virtual machine is executing on the client computer 82A, theuser may click the “Run at Server” button. In response, the execution ofthe virtual machine may be paused, as indicated in block 901 of FIG. 10.As indicated in block 903, an available server computer in the servercomputer system may be selected to execute the virtual machine. Thevirtual machine image file on the client computer may be migrated to theselected server computer and synchronized with the copy of the virtualmachine image file already stored on the server computer system, asindicated in block 905. As described above, only the changed portions ofthe virtual machine image file need to be transferred across thenetwork. The selected server computer may then begin executing thevirtual machine and may establish a remote communication session withthe client computer to enable the user to interact with the virtualmachine remotely, e.g., through a remote communication protocol such asVNC, RDP, ICA, TDX, PCoIP, etc. Once the remote communication sessionhas been established, the user may see the same virtual machine that waspreviously executing locally on the client computer 82A. For example,the user interface implemented by the virtual machine may appear on thedisplay of the client computer 82A identically to (or very similar to)how it appeared before the virtual machine was migrated to the servercomputer system, with the same applications and user interface windowsopen, etc.

The “Run at client” feature is the inverse of the above functionality.Suppose that a virtual machine is currently executing on the servercomputer 106A. The user may then click the “Run at client” button in theclient software on the client computer 82A. As indicated in block 921 ofFIG. 11, the execution of the virtual machine on the server computer106A may be paused. The virtual machine may then be migrated to theclient computer 82A, as indicated in block 923. If a previous version ofthe virtual machine is already stored on the client computer 82A, thenthe current version of the virtual machine may be synchronized with theprevious version by transferring only the changed portions of thevirtual machine image, as described above. The client computer 82A maythen begin executing the virtual machine, as indicated in block 925. Forexample, the client computer 82A may include a hypervisor or virtualmachine host software operable to execute the virtual machine.

In some embodiments a virtual machine image file that has beentransferred from the server computer system to the client computer maybe encrypted. Encrypting the virtual machine image file may increase thesecurity of the information in the virtual machine.

In some embodiments the client software may allow the user to specifyvarious options affecting storage of a virtual machine image file thathas been downloaded to the client computer. For example, the user may beable to specify that the virtual machine image file should be completelydeleted from the client computer after the user's session with thevirtual machine is finished. As another example, the user may be able tospecify that the virtual machine image file should continue to be storedlocally on the client computer, which may enable the amount of timerequired to synchronize with the most recent copy of the virtual machineto be reduced upon subsequent usage, as described above.

In some embodiments an administrator of the server computer system maybe able override the user's configuration choices. For example, even ifthe user has configured virtual machine image files to persist on thelocal client computer, the administrator may set a server-side flagwhich causes the server computer to instruct the client software toalways delete any downloaded virtual machines, or to delete particularvirtual machines that have been downloaded.

In some embodiments and expiry date may be associated with a virtualmachine that has been downloaded to and locally stored on the clientcomputer. Once the expiry date of the virtual machine has been reached,the client software may automatically delete the virtual machine. Insome embodiments the client software may use the time maintained by theserver computer system clock in order to determine whether the expirydate has been reached, rather than using the local client computersystem clock.

As described above, the client computer may execute client software thatprovides capabilities to authenticate the user to the server computersystem, download a virtual machine image file from the server computersystem, and execute the virtual machine on the client computer, e.g.,(through an embedded hypervisor). The client software may also beconfigured to contact the server computer system when it starts andquery for any commands that should be executed by the client software.As one example, the server computer system may command the clientsoftware to delete or purge a specific virtual machine stored locally onthe client computer, or to delete or purge all locally stored virtualmachines. As another example, the server computer system may command theclient software to set a new expiry date for one or more of the virtualmachines locally stored on the client computer. As another example, theserver computer system may command the client software to download andinstall an update for the client software on the client computer. Evenif the client software is not able to contact the server computersystem, the client software may still use the previously configuredexpiry dates for all locally stored virtual machines and still purge thevirtual machines if they have expired.

It is noted that various embodiments may further include receiving,sending or storing instructions and/or data implemented in accordancewith the foregoing description upon a computer-accessible storagemedium. Generally speaking, a computer-accessible storage medium mayinclude any storage media accessible by a computer during use to provideinstructions and/or data to the computer. For example, acomputer-accessible storage medium may include storage media such asmagnetic or optical media, e.g., one or more disks (fixed or removable),tape, CD-ROM, DVD-ROM, CD-R, CD-RW, DVD-R, DVD-RW, etc. Storage mediamay further include volatile or non-volatile memory media such as RAM(e.g. synchronous dynamic RAM (SDRAM), Rambus DRAM (RDRAM), static RAM(SRAM), etc.), ROM, Flash memory, non-volatile memory (e.g. Flashmemory) accessible via a peripheral interface such as the UniversalSerial Bus (USB) interface, etc. In some embodiments the computer mayaccess the storage media via a communication means such as a networkand/or a wireless link.

Although the embodiments above have been described in considerabledetail, numerous variations and modifications will become apparent tothose skilled in the art once the above disclosure is fully appreciated.It is intended that the following claims be interpreted to embrace allsuch variations and modifications.

1. A computer-accessible storage medium storing program instructionsexecutable to implement: associating a first computer with a first useron an exclusive basis, wherein the first computer is one of a pluralityof computers in a server computer system, wherein said associatingcomprises storing information indicating that users other than the firstuser cannot use the first computer; receiving a first request from aclient device of the first user to connect to the server computersystem, wherein the first request identifies the first user; in responseto the first request, accessing the stored information and determiningthat the first computer is associated with the first user on theexclusive basis; in response to determining that the first computer isassociated with the first user on the exclusive basis, selecting thefirst computer from the plurality of computers for assignment to thefirst user and establishing a communication session between the clientdevice and the first computer in order to enable the first user to usethe first computer.
 2. The computer-accessible storage medium of claim1, wherein the first computer is one of: a physical computer; a virtualmachine.
 3. The computer-accessible storage medium of claim 1, whereinthe program instructions are further executable to implement: receivinga second request from another client device of a second user to connectto the server computer system; determining that the first computer isassociated with the first user on the exclusive basis; and selectingfrom the plurality of computers a second computer other than the firstcomputer for assignment to the second user.
 4. The computer-accessiblestorage medium of claim 1, wherein the first computer is a first virtualmachine; wherein the program instructions are further executable toimplement: in response to the first request, determining that the firstvirtual machine is in a state of hibernation; wherein assigning thefirst virtual machine to the first user comprises returning the firstvirtual machine to an active state of execution.
 5. Thecomputer-accessible storage medium of claim 1, wherein the firstcomputer is a first virtual machine; wherein the program instructionsare further executable to implement: receiving a second request from theclient device of the first user to connect to the server computersystem; determining that the first virtual machine is not in an activestate of execution; receiving user input from the first user indicatingthat it is permissible to assign a virtual machine other than the firstvirtual machine to the first user; and assigning a virtual machine otherthan the first virtual machine to the first user in response to thesecond request.
 6. The computer-accessible storage medium of claim 5,wherein determining that the first virtual machine is not in an activestate of execution comprises determining that the first virtual machineis hibernated.
 7. The computer-accessible storage medium of claim 1,wherein the first computer is a first virtual machine; wherein theprogram instructions are further executable to implement: receiving asecond request from the client device of the first user to disconnectfrom the server computer system; disconnecting the first user from theserver computer in response to the second request; and maintaining thefirst virtual machine in an active state of execution for future use bythe first user after said disconnecting.
 8. The computer-accessiblestorage medium of claim 1, wherein establishing the communicationsession enables the first user to provide input to and receive outputfrom the first computer through a network.
 9. The computer-accessiblestorage medium of claim 1, wherein establishing the communicationsession enables the first user to execute software programs on the firstcomputer.
 10. The computer-accessible storage medium of claim 1, whereinthe program instructions are further executable to implement: receivinguser input specifying the first computer and the first user; wherein thefirst computer is associated with the first user in response to the userinput.
 11. A system comprising: one or more processors; and memorystoring program instructions; wherein the program instructions areexecutable by the one or more processors to implement: associating afirst computer with a first user on an exclusive basis, wherein thefirst computer is one of a plurality of computers in a server computersystem, wherein said associating comprises storing informationindicating that users other than the first user cannot use the firstcomputer; receiving a first request from a client device of the firstuser to connect to the server computer system; in response to the firstrequest, accessing the stored information and determining that the firstcomputer is associated with the first user on the exclusive basis; inresponse to determining that the first computer is associated with thefirst user on the exclusive basis, selecting the first computer from theplurality of computers for assignment to the first user and establishinga communication session between the client device and the first computerin order to enable the first user to use the first computer.
 12. Thesystem of claim 11, wherein the first computer is one of: a physicalcomputer; a virtual machine.
 13. The system of claim 11, wherein theprogram instructions are further executable to implement: receiving asecond request from another client device of a second user to connect tothe server computer system; determining that the first computer isassociated with the first user on the exclusive basis; and selectingfrom the plurality of computers a second computer other than the firstcomputer for assignment to the second user.
 14. The system of claim 11,wherein the first computer is a first virtual machine; wherein theprogram instructions are further executable to implement: in response tothe first request, determining that the first virtual machine is in astate of hibernation; wherein assigning the first virtual machine to thefirst user comprises returning the first virtual machine to an activestate of execution.
 15. The system of claim 11, wherein the firstcomputer is a first virtual machine; wherein the program instructionsare further executable to implement: receiving a second request from theclient device of the first user to connect to the server computersystem; determining that the first virtual machine is not in an activestate of execution; receiving user input from the first user indicatingthat it is permissible to assign a virtual machine other than the firstvirtual machine to the first user; and assigning a virtual machine otherthan the first virtual machine to the first user in response to thesecond request.
 16. The system of claim 11, wherein the programinstructions are further executable to implement: receiving user inputspecifying the first computer and the first user; wherein the firstcomputer is associated with the first user in response to the userinput.
 17. A method comprising: associating a first computer with afirst user on an exclusive basis, wherein the first computer is one of aplurality of computers in a server computer system, wherein saidassociating comprises storing information indicating that users otherthan the first user cannot use the first computer; receiving a firstrequest from a client device of the first user to connect to the servercomputer system; in response to the first request, accessing the storedinformation and determining that the first computer is associated withthe first user on the exclusive basis; in response to determining thatthe first computer is associated with the first user on the exclusivebasis, selecting the first computer from the plurality of computers forassignment to the first user and establishing a communication sessionbetween the client device and the first computer in order to enable thefirst user to use the first computer.
 18. The method of claim 17,wherein the first computer is one of: a physical computer; a virtualmachine.
 19. The method of claim 17, wherein the first computer is afirst virtual machine; wherein the method further comprises: receiving asecond request from the client device of the first user to connect tothe server computer system; determining that the first virtual machineis not in an active state of execution; receiving user input from thefirst user indicating that it is permissible to assign a virtual machineother than the first virtual machine to the first user; and assigning avirtual machine other than the first virtual machine to the first userin response to the second request.
 20. The method of claim 17, furthercomprising: receiving user input specifying the first computer and thefirst user; wherein the first computer is associated with the first userin response to the user input.